Sambar FTP Server Malformed SIZE Command DoS

medium Nessus Plugin ID 24020

Language:

Synopsis

The remote FTP server is affected by a denial of service vulnerability.

Description

The remote host appears to be using Sambar Server, a multi-service application for Windows and Linux.

The version of Sambar installed on the remote host crashes when its FTP server component attempts to process a specially crafted SIZE command. An authenticated, remote attacker can exploit this flaw to deny service to legitimate users.

Solution

Unknown at this time.

Plugin Details

Severity: Medium

ID: 24020

File Name: sambar_ftp_size_dos.nasl

Version: 1.20

Type: remote

Family: FTP

Published: 1/17/2007

Updated: 7/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

Required KB Items: ftp/login, ftp/password

Excluded KB Items: ftp/ncftpd, ftp/msftpd, ftp/fw1ftpd, ftp/vxftpd

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/15/2006

Reference Information

CVE: CVE-2006-6624

BID: 21617

Detections

Analytics